More than 100 high-value companies across various industries are currently the target of a significant identity-theft operation. The threat comes from SLSH, a dangerous coalition that combines the strategies of ShinyHunters, LAPSUS$, and Scattered Spider. Unlike standard automated attacks, this campaign uses real people who call your employees while running phony login pages that mimic your company's systems.

The attackers' goal is to obtain security tokens and login credentials from Okta and other single sign-on services, which serve as master keys to access all of an organization's applications. A "live phishing panel" is the main tool used in the campaign. Attackers can bypass multi-factor authentication safeguards and intercept login credentials and security codes in real time thanks to this infrastructure.

Canva, Atlassian, Epic Games, HubSpot, and numerous financial institutions, healthcare providers, and real estate firms are among the main targets. Silent Push analysts detected an increase in the deployment of malicious infrastructure, along with attack patterns that matched SLSH's known operations from "The Com" ecosystem. The analysts pointed out that this was a deliberate targeting of businesses with significant digital assets rather than a haphazard scanning attack.

Threat actors use voice phishing, also known as "vishing," in which they pose as IT personnel and call company help desks and employees to request system access or password resets. They create a convincing social engineering scenario by manipulating a fake login page that exactly matches the victim's screen while they make these calls.

The Live Phishing Panel's Operation

Instead of using automated malware deployment, the infection mechanism depends on human-led orchestration. Attackers use the stolen single sign-on session as a starting point for more extensive intrusion after gaining initial access through vishing and credential theft. Attackers use this one compromised session as a "skeleton key," potentially granting them access to all linked applications in the target company.

In order to fool administrators into giving them more authority, the attackers then move laterally into internal communication platforms like Teams or Slack.

The campaign advances through extortion and data theft, adhering to the LAPSUS$ playbook. Attackers quickly obtain private data, demand a ransom, and threaten to make the stolen information public. Sometimes they encrypt business systems in order to put more pressure on customers to pay.

Businesses on Silent Push's critical target list should handle this threat as an emergency, alerting all staff members to persistent vishing attempts and promptly checking their single sign-on logs for unusual login locations or suspicious device enrollments.
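One way to run the log check recommended above, as an added example that is not part of the original article or of Silent Push's tooling. It assumes events exported in the shape of Okta System Log entries (`user.session.start`, `user.mfa.factor.activate`); the per-user country baseline, the 30-minute window, and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

def _ev(ts, user, etype, result, country, ip):
    # Trimmed event in the shape of an Okta System Log entry (constructed).
    return {"published": ts, "eventType": etype, "actor": {"alternateId": user},
            "outcome": {"result": result},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}}}

# Constructed sample data: example.com users, documentation IP ranges.
SAMPLE_EVENTS = [
    _ev("2025-01-06T09:00:00Z", "alice@example.com", "user.session.start", "SUCCESS", "United States", "198.51.100.10"),
    _ev("2025-01-06T11:00:00Z", "bob@example.com", "user.mfa.factor.activate", "SUCCESS", "Canada", "198.51.100.20"),
    _ev("2025-01-06T12:30:00Z", "carol@example.com", "user.session.start", "FAILURE", "Brazil", "203.0.113.99"),
    _ev("2025-01-06T14:02:00Z", "alice@example.com", "user.session.start", "SUCCESS", "Netherlands", "203.0.113.7"),
    _ev("2025-01-06T14:10:00Z", "alice@example.com", "user.mfa.factor.activate", "SUCCESS", "Netherlands", "203.0.113.7"),
]
# Assumed baseline: countries each user normally signs in from.
BASELINE = {"alice@example.com": {"United States"}, "bob@example.com": {"Canada"}}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_suspicious(events, baseline, window=timedelta(minutes=30)):
    """Return (user, reason, detail) for successful logins from a country
    outside the user's baseline, and for MFA factor enrollments that follow
    such a login within `window`."""
    findings, odd_login_at = [], {}
    for ev in sorted(events, key=lambda e: _ts(e["published"])):
        user, when = ev["actor"]["alternateId"], _ts(ev["published"])
        if ev["outcome"]["result"] != "SUCCESS":
            continue  # failed attempts are out of scope for this check
        if ev["eventType"] == "user.session.start":
            country = ev["client"]["geographicalContext"]["country"]
            if country not in baseline.get(user, set()):
                odd_login_at[user] = when
                findings.append((user, "unusual_login_location", country))
        elif ev["eventType"] == "user.mfa.factor.activate":
            seen = odd_login_at.get(user)
            if seen is not None and when - seen <= window:
                findings.append((user, "factor_enrolled_after_unusual_login",
                                 ev["client"]["ipAddress"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS, BASELINE):
        print(finding)
```

A factor enrollment that closely follows a sign-in from an unfamiliar location is the pairing worth escalating first, since either event alone is common in normal use.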